Don't call a macro that does `goto exit` on failure after the `exit:` label:
that would cause an infinite loop if something does go wrong.
Generally, cleanup functions don't error out, so it is unlikely to be a
problem in practice. If an error does happen during cleanup, it's probably
due to memory corruption caused by a bug that happened earlier, and that is
likely to have been detected in an earlier function. So we don't really need
to assert the return code of functions called during cleanup, and normally
we don't. Only a few places did so, wrongly.
I found the problematic places with
```
ag 'exit:[^}]*(PSA_ASSERT|TEST_ASSERT|TEST_EQUAL)' tests/suites/*.function
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In a PAKE operation that has been initialized with `PSA_PAKE_OPERATION_INIT`
or `psa_pake_operation_init()`, the content of the driver-specific part is
indeterminate. It is actually all-bits-zero on most platforms, but not all,
e.g. not with GCC 15 or CompCert. So don't assert anything about it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When initializing a PAKE operation structure, use an
auxiliary function that doesn't initialize union members to all-bits-zero.
Context: on most compilers, initializing a union to `{0}` initializes it to
all bits zero; but on some compilers, the trailing part of members other
than the first is left uninitialized. This way, we can run the tests on any
platform and validate that the code would work correctly on platforms where
union initialization is short, such as GCC 15.
This commit extends 93dd99571b to
`test_suite_psa_crypto_pake.function`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The compile time guards were too restrictive, excluding builds with
drivers, updating them will allow driver tests to run as well.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Assert that two forked children have distinct RNG states, and also that the
state is distinct from their parent.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit fixes two problems:
1. In 3.6 the SSL unit test framework ignores option.cipher, we need to
enforce it manually
2. In 3.6 we still have RSA key exchange and we need to condition the
RSA test on the presence of ECDHE_RSA key exchange modes as well
Signed-off-by: Janos Follath <janos.follath@arm.com>
DEBUG_C supposed to have been removed from the test dependencies, still
being there is an oversight. Removing it was the sole purpose of
3e58109fbd.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The unit test framework always loads the client key as well, which
requires a different curve and a hash than the server key.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Add a test case with a successful handshake for each test case that
causes the desired handshake failure, with minimal differences between
the two.
The reason is to have more assurance that the handshake is failing for
the desired reason (as opposed to not having done something correctly in
the test code).
Signed-off-by: Janos Follath <janos.follath@arm.com>
There are other issues that can fail with the same error code. Make sure
that the handshake fails exactly the way we want it to fail by analysing
the client logs.
Signed-off-by: Janos Follath <janos.follath@arm.com>
In Mbed TLS 3.6 we still need to manually configure the RNG for TLS. Add
this to the testcase for default verify_result.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This patch adds psa_aead_decrypt_setup() & psa_aead_finish()
path to the multipart_state_testing.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Add tests for key import-export and key import followed by public-key
export when the output buffer is too small. Add these tests for the
following curves:
* p256 as an example of a Weierstrass curve
* Curve25519
* Curve448
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This testcase calls psa_export_public_key() on an FFDH key with an
output buffer that is too small. Since the size is calculated based on
the required key size but not checked against the available buffer size,
we overflow the buffer.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
